Freescale's SEC block has built-in Data Encryption
Key(DEK) Blob Protocol which provides a method for
protecting a DEK for non-secure memory storage.
SEC block protects data in a data structure called
a Secret Key Blob, which provides both confidentiality
and integrity protection.
Every time the blob encapsulation is executed,
a AES-256 key is randomly generated to encrypt the DEK.
This key is encrypted with the OTP Secret key
from SoC. The resulting blob consists of the encrypted
AES-256 key, the encrypted DEK, and a 16-bit MAC.
During decapsulation, the reverse process is performed
to get back the original DEK. A caveat to the blob
decapsulation process, is that the DEK is decrypted
in secure-memory and can only be read by FSL SEC HW.
The DEK is used to decrypt data during encrypted boot.
Commands added
--------------
dek_blob - encapsulating DEK as a cryptgraphic blob
Commands Syntax
---------------
dek_blob src dst len
Encapsulate and create blob of a len-bits DEK at
address src and store the result at address dst.
Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com>
Signed-off-by: Nitin Garg <nitin.garg@freescale.com>
Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com>
Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
#
# Xilinx ZYNQ U-Boot
#
# (C) Copyright 2013 Xilinx, Inc.
#
# SPDX-License-Identifier: GPL-2.0+
#
1. About this
This document describes the information about Xilinx Zynq U-Boot -
like supported boards, ML status and TODO list.
2. Zynq boards
Xilinx Zynq-7000 All Programmable SoCs enable extensive system level
differentiation, integration, and flexibility through hardware, software,
and I/O programmability.
* zc70x
- zc702 (single qspi, gem0, mmc) [1]
- zc706 (dual parallel qspi, gem0, mmc) [2]
* zed (single qspi, gem0, mmc) [3]
* microzed (single qspi, gem0, mmc) [4]
* zc770
- zc770-xm010 (single qspi, gem0, mmc)
- zc770-xm011 (8 or 16 bit nand)
- zc770-xm012 (nor)
- zc770-xm013 (dual parallel qspi, gem1)
3. Building
# Configure for zc70x board
$ make zynq_zc70x_config
Configuring for zynq_zc70x board...
# Building default dts for zc702 board
$ make
# Building specified dts for zc706 board
$ make DEVICE_TREE=zynq-zc706
4. Bootmode
Zynq has a facility to read the bootmode from the slcr bootmode register
once user is setting through jumpers on the board - see page no:1546 on [5]
All possible bootmode values are defined in Table 6-2:Boot_Mode MIO Pins
on [5].
board_late_init() will read the bootmode values using slcr bootmode register
at runtime and assign the modeboot variable to specific bootmode string which
is intern used in autoboot.
SLCR bootmode register Bit[3:0] values
#define ZYNQ_BM_NOR 0x02
#define ZYNQ_BM_SD 0x05
#define ZYNQ_BM_JTAG 0x0
"modeboot" variable can assign any of "norboot", "sdboot" or "jtagboot"
bootmode strings at runtime.
5. Mainline status
- Added basic board configurations support.
- Added zynq u-boot bsp code - arch/arm/cpu/armv7/zynq
- Added zynq boards named - zc70x, zed, microzed, zc770_xm010, zc770_xm012, zc770_xm013
- Added zynq drivers:
serial - drivers/serial/serial_zynq.c
net - drivers/net/zynq_gem.c
mmc - drivers/mmc/zynq_sdhci.c
mmc - drivers/mmc/zynq_sdhci.c
spi- drivers/spi/zynq_spi.c
i2c - drivers/i2c/zynq_i2c.c
- Done proper cleanups on board configurations
- Added basic FDT support for zynq boards
- d-cache support for zynq_gem.c
6. TODO
- Add zynq boards support - zc770_xm011
- Add zynq qspi controller driver
- Add zynq nand controller driver
- Add FDT support on individual drivers
[1] http://www.xilinx.com/products/boards-and-kits/EK-Z7-ZC702-G.htm
[2] http://www.xilinx.com/products/boards-and-kits/EK-Z7-ZC706-G.htm
[3] http://zedboard.org/product/zedboard
[4] http://zedboard.org/product/microzed
[5] http://www.xilinx.com/support/documentation/user_guides/ug585-Zynq-7000-TRM.pdf
--
Jagannadha Sutradharudu Teki <jaganna@xilinx.com>
Sun Dec 15 14:52:41 IST 2013
0200020bc2